VPC Endpoints (SSM) cross account?

0

I have an instance in us-west-2, account B (user). Account A (service) has a shared VPC with account B. I'm trying to use SSM to access the instance in the user account (B). I wasn't able to add a VPC endpoint in (B) since the VPC is shared from (A). When I create the SSM endpoints in the service account I can't share them with AWS RAM to the user account. Am I missing something, do I not have to share the endpoint resource with the user account?

We already have network traffic traversing the shared VPC so connectivity isn't an issue. I got stuck when the instance's own Ping status was "Connection lost", so I'm not sure if the issue lies with the SSM VPCE or SSM internally on the user account.

1 Answer
0

Hi, if you create a VPC Interface Endpoint in Account A you can use it from other accounts sharing that VPC, without having to do anything else. Just so long as your NACLs allow connectivity with the endpoint.

To get Systems Manager to recognise an EC2 instance as a Managed Node without "Connection lost", the instance needs to have access to not only the ssm service but also ssmmessages and ec2messages (either via endpoints or over the internet).

EXPERT
answered 8 months ago
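As an added example (not from the original post, nor AWS's own tooling), a Python check that takes the parsed JSON from `aws ec2 describe-vpc-endpoints` for the shared VPC and reports which of the three endpoints the answer names (ssm, ssmmessages, ec2messages) are missing or not usable; it also flags private DNS being disabled, which the agent needs so its default service hostnames resolve to the endpoint rather than out to the internet. The VPC id and the describe output in the block are constructed sample values.

```python
# Run `aws ec2 describe-vpc-endpoints --region us-west-2 --filters Name=vpc-id,Values=<vpc-id>`
# in the account that owns the shared VPC (A) and feed the parsed JSON to ssm_endpoint_findings().
REQUIRED_SERVICES = ("ssm", "ssmmessages", "ec2messages")  # the three services the answer names


def required_service_names(region):
    """Interface-endpoint service names Systems Manager needs in one region."""
    return [f"com.amazonaws.{region}.{svc}" for svc in REQUIRED_SERVICES]


def ssm_endpoint_findings(describe_output, region, vpc_id):
    """Check describe-vpc-endpoints output for the three SSM interface endpoints.

    Returns a list of problem strings; an empty list means every required endpoint
    exists in `vpc_id`, is in state 'available', and has private DNS enabled (so the
    agent's default service hostnames resolve to the endpoint, not the public service).
    """
    by_service = {}
    for ep in describe_output.get("VpcEndpoints", []):
        if ep.get("VpcId") == vpc_id and ep.get("VpcEndpointType") == "Interface":
            by_service[ep["ServiceName"]] = ep
    findings = []
    for name in required_service_names(region):
        ep = by_service.get(name)
        if ep is None:
            findings.append(f"missing interface endpoint for {name}")
            continue
        if ep.get("State") != "available":
            findings.append(f"{name}: state is {ep.get('State')!r}, not 'available'")
        if not ep.get("PrivateDnsEnabled", False):
            findings.append(f"{name}: private DNS is disabled")
    return findings


# Constructed sample output (not real account data): ssm is fine, ssmmessages has
# private DNS switched off, ec2messages was never created. The VPC id is a placeholder.
SAMPLE_VPC_ID = "vpc-0placeholder"
SAMPLE_DESCRIBE_OUTPUT = {
    "VpcEndpoints": [
        {"VpcId": SAMPLE_VPC_ID, "VpcEndpointType": "Interface", "State": "available",
         "ServiceName": "com.amazonaws.us-west-2.ssm", "PrivateDnsEnabled": True},
        {"VpcId": SAMPLE_VPC_ID, "VpcEndpointType": "Interface", "State": "available",
         "ServiceName": "com.amazonaws.us-west-2.ssmmessages", "PrivateDnsEnabled": False},
    ]
}

if __name__ == "__main__":
    for line in ssm_endpoint_findings(SAMPLE_DESCRIBE_OUTPUT, "us-west-2", SAMPLE_VPC_ID):
        print(line)
```

Endpoints in a different VPC or of type Gateway are ignored, so a check against the wrong VPC id reports all three as missing rather than passing silently.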
